IN THE CLAIMS 

Please amend the claims to read as follows: 
Listing of Claims 

1. (Currently Amended) A data processing system for 
generating a key protection certificate comprising: 

a PSD further comprising a unique device name, cryptography 
means, data processing means, data storage means and 
communications means;

wherein said cryptography means includes an asymmetric 
cryptographic key pair generating algorithm, a first securely 
shared secret key, a second securely shared secret key, symmetric 
cryptography means, a concatenation algorithm, a message 
authentication code algorithm, cryptographic seed information, a 
key protection certificate generating algorithm and a signing 
algorithm, and

wherein said key protection certificate generating algorithm 
comprises means for producing sequentially with said 
cryptographic key generating algorithm, upon completion of 
cryptographic key generation and in dependence on said generated 
cryptographic key, a unique digital certificate that comprises 
said unique device name.

2. (Currently Amended) The system according to claim 1,
wherein at least a portion of said cryptographic seed information 
is used by said asymmetric key pair generating algorithm to 
generate at least one asymmetric private key and one asymmetric 
public key upon receipt of at least one key generation command, 
said keys being stored in a secure domain of said PSD.

3. (Currently Amended) The system according to claim 2, 
wherein said key protection certificate generating algorithm, 
upon receipt of said key generation command, generates a 
plurality of contextual attributes. 

4. (Original) The system according to claim 3, wherein at 
least a portion of said contextual attributes are encrypted using 
said first shared secret key and said symmetric cryptography 
means to generate private contextual attributes. 

5. (Original) The system according to claim 4, wherein the 
remaining unencrypted of said plurality of said contextual 
attributes forms public contextual attributes. 

6. (Original) The system according to claim 5, wherein a 
signed device name is generated using said unique device name and 
said asymmetric private key as inputs into said signing
algorithm. 

7. (Original) The system according to claim 6, wherein 
said private contextual attributes, public contextual attributes, 
signed device name and unique device name are concatenated by 
said concatenation algorithm, generating a first intermediate 
result.

8. (Original) The system according to claim 7, wherein a 
message authentication code is generated using said second shared 
secret key and said first intermediate result as inputs into said 
message authentication code algorithm, forming a second 
intermediate result. 

9. (Currently Amended) The system according to claim 8, 
wherein said first intermediate result and said second 
intermediate result are concatenated by said concatenation 
algorithm forming said key protection certificate then stored in 
said secure domain of said PSD.

10. (Original) The system according to claim 1, wherein 
said unique device name is an embedded serial number.

11. (Original) The system according to claim 10, wherein
said unique device name is the result of a cryptographic process 
using said embedded serial number as a cryptographic seed. 

12. (Original) The system according to claim 1, wherein 
said communications means includes means for receiving commands 
to generate asymmetric and symmetric keys and means for sending 
said public key and said key protection certificate. 

13. (Currently Amended) A data processing system for 
validating a key protection certificate generated by a PSD 
comprising: 

data processing means, data storage means, communications 
means, cryptography means, a first securely shared secret 
symmetric key, a second securely shared secret symmetric key and
a public key, 

wherein the said cryptography means includes a message 
authentication code algorithm, cross referencing means and a 
comparator algorithm, and

wherein said cross referencing means comprises means for 
selecting proper first and second securely shared secret keys, a 
proper public key, proper cryptography algorithms and reference 
parameters associated with said key protection certificate, by 
use of a unique device name of said PSD contained in said key
protection certificate.

14. (Currently Amended) The system according to claim 13, 
wherein said proper first securely shared secret symmetric key,
said proper second securely shared secret symmetric key and said
public key have a direct generation relationship with said key
protection certificate.

15. (Currently Amended) The system according to claim 13, 
wherein said communications means includes means for transmitting 
requests for said key protection certificate and said public key
and means for receiving said key protection certificate and said
public key.

16. (Currently Amended) The system according to claim 15, 
wherein said received key protection certificate includes private 
contextual attributes, public contextual attributes, said unique 
device name of said PSD, a signed device name and a message
authentication code in dependence on said private contextual 
attributes, said public contextual attributes, said unique device 
name of the PSD, and said signed device name.

17. (Canceled)

18. (Currently Amended) The system according to claim 16,
wherein said signed device name is decrypted using said
proper public key, generating a second device name. 

19. (Currently Amended) The system according to claim 18, 
wherein said second device name and said unique device name of 
said PSD contained in said certificate are compared by the 
comparator algorithm to determine if said second device name and 
said unique device name of said PSD contained in said certificate 
match. 

20. (Currently Amended) The system according to claim 16, 
wherein a second message authentication code is generated using 
said private contextual attributes, said public contextual 
attributes, said unique device name of said PSD, said signed
device name included in said certificate and said proper second 
securely shared secret key as inputs into said message 
authentication code algorithm. 

21. (Original) The system according to claim 20, wherein 
said second message authentication code and said message 
authentication code contained in said certificate are compared
using said comparator algorithm to determine if said second 
message authentication code and said message authentication code 
contained in said certificate match. 

22. (Currently Amended) The system according to claim 16, 
wherein said private contextual attributes are decrypted using 
said proper first securely shared secret key. 

23. (Original) The system according to claim 22, wherein 
at least one predetermined parameter is contained in at least a 
portion of said decrypted private contextual attributes. 

24. (Original) The system according to claim 23, wherein 
at least one predetermined parameter and said reference 
parameters are compared using said comparator algorithm to 
determine if said at least one predetermined parameter and said 
reference parameters match. 

25. (Original) The system according to claim 19, 21 or 24, 
wherein a failure to achieve a match invalidates said key 
protection certificate.

26. (Currently Amended) A method for generating a key
protection certificate comprising: 

injecting a first securely shared secret symmetric key, a
second securely shared secret symmetric key, a key protection 
algorithm and cryptographic seed information into a PSD which 
comprises a unique device name, wherein at least a portion of
said seed information is used in generating at least one public 
key and one private key, 

storing said injected symmetric first and second securely
shared secret keys and said cryptographic seed information in a 
secure domain within said PSD, 

sending a command to said PSD for generating said at least 
one public key and one private key, wherein said command 
initiates generation of said keys and of said key protection 
certificate, 

generating said at least one public key and said one private 
key using at least a portion of said seed information, 

generating contextual attributes specific to at least the 
generation of said private key, 

encrypting at least a portion of said contextual attributes 
using said first securely shared secret key, forming private 
contextual attributes and public contextual attributes, wherein 
predetermined parameters are included in said private contextual
attributes, 

storing said public key and said private key in said secure 
domain within said PSD,

generating a digital signature of said unique device name
using said private key, 

concatenating said unique device name, said private 
contextual attributes, said public contextual attributes with 
said digital signature and generating a first intermediate 
result, 

generating a message authentication code of said first 
intermediate result using said second securely shared secret key 
producing a second intermediate result, 

concatenating said first intermediate result with said 
second intermediate result producing said key protection 
certificate; and 

storing said key protection certificate in said secure 
domain within said PSD.

27. (Currently Amended) A method for validating a key 
protection certificate generated by a PSD comprising: 

receiving said key protection certificate and a public key,
wherein said certificate contains at least a plain text device
name portion, a signed device name portion and cryptogram
portion, 

cross-referencing said device name with proper first and 
second securely shared secret keys, a proper public key, proper 
cryptographic algorithms and reference parameters associated with 
said key protection certificate, 

verifying said signed device name portion of said 
certificate using said proper public key, 

comparing the resulting device name with said device name 
portion included in said certificate, 

independently performing a message authentication code 
function on said concatenated private contextual attributes, 
public contextual attributes, device name, and signed device name 
portions of said certificate using a first of said proper 
securely shared secret keys, 

comparing the resulting message authentication code with a 
method authentication code included in said certificate, 

decrypting said private contextual attributes using a second 
of said proper securely shared secret keys, 

comparing at least a portion of the private contextual 
attributes to the reference parameters, 

validating said certificate if said resulting device name 
matches said device name contained in said certificate, said 
independently generated message authentication code matches said
message authentication code contained in said certificate and at
least a portion of said private contextual attributes matches
said reference parameters,

rejecting said certificate if any of said matches is not
achieved.

28. (Currently Amended) The method according to claim 27, 
wherein said receiving party possesses said proper securely 
shared secret keys and said proper public key. 

29. (Original) The method according to claim 28, wherein 
said receiving party is a trusted third party certificate 
authority. 
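
The generation steps of claim 26 and the validation checks of claim 27, as an added Python example that is not part of the claims or of any implementation by the applicant. Assumptions: textbook RSA over two small Mersenne primes and an HMAC-SHA256 keystream stand in for the unspecified signing and symmetric algorithms (neither is secure), fields are length-prefixed so the concatenation can be parsed, and the registry layout is hypothetical.

```python
import hashlib, hmac, struct

# Toy textbook RSA from two Mersenne primes: illustration only, not secure.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N, D = P * Q, pow(E, -1, (P - 1) * (Q - 1))
SIG_LEN = (N.bit_length() + 7) // 8

def _stream(key, data):
    # Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter keystream.
    ks = b"".join(hmac.new(key, struct.pack(">I", i), hashlib.sha256).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def _pack(*fields):
    # Assumption: length-prefix each field so the concatenation parses unambiguously.
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)

def _unpack(blob, count):
    out, pos = [], 0
    for _ in range(count):
        (n,) = struct.unpack_from(">H", blob, pos)
        out.append(blob[pos + 2:pos + 2 + n])
        pos += 2 + n
    return out, pos

def generate_kpc(device_name, k1, k2, private_attrs, public_attrs):
    enc = _stream(k1, private_attrs)                      # encrypt with first key
    sig = pow(int.from_bytes(device_name, "big"), D, N)   # signed device name
    first = _pack(enc, public_attrs, sig.to_bytes(SIG_LEN, "big"), device_name)
    mac = hmac.new(k2, first, hashlib.sha256).digest()    # MAC with second key
    return first + mac                                    # first || second result

def validate_kpc(cert, registry):
    try:
        (enc, pub, sig, name), end = _unpack(cert, 4)
        k1, k2, (e, n), reference = registry[name]        # cross-reference by name
    except (struct.error, KeyError):
        return False
    first, mac = cert[:end], cert[end:]
    # The MAC is checked first so unauthenticated fields are not processed further.
    if not hmac.compare_digest(mac, hmac.new(k2, first, hashlib.sha256).digest()):
        return False
    if pow(int.from_bytes(sig, "big"), e, n) != int.from_bytes(name, "big"):
        return False                                      # recovered name must match
    return _stream(k1, enc).startswith(reference)         # reference parameters
```
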

30. (New) A data processing system for generating a key 
protection certificate comprising a PSD further comprising a 
unique device name, at least one cryptographic key generating 
algorithm, a key protection certificate generating algorithm, 
data processing means, data storage means and communications 
means, wherein said key protection certificate generating 
algorithm comprises means for producing sequentially with said 
cryptographic key generating algorithm, upon completion of 
cryptographic key generation, a unique digital certificate that
comprises said unique device name and depends on said generated 
cryptographic key. 

31. (New) A data processing system for validating a key 
protection certificate generated by a PSD comprising data 
processing means, data storage means, communications means, 
cryptography means, at least one cryptographic key, and cross 
referencing means, wherein cross referencing means comprises 
means for selecting at least one proper cryptographic key and one 
proper cryptography algorithm associated with said key protection 
certificate, by use of a unique device name of said PSD contained 
in said key protection certificate. 

32. (New) A method for generating a key protection 
certificate comprising sending a command to a PSD comprising a 
unique device name for generating at least one cryptographic key, 
wherein said command initiates generation by said PSD of said key 
and of said key protection certificate that comprises said unique 
device name of said PSD and depends on said generated 
cryptographic key.

33. (New) A method for validating a key protection
certificate generated by a PSD comprising: 

receiving said key protection certificate, wherein said 
certificate contains at least a unique device name of said PSD, 

cross-referencing said device name with at least one proper 
cryptographic key and one proper cryptography algorithm 
associated with said key protection certificate, and 

validating said key protection certificate with at least 
said proper cryptographic key and said proper cryptography 
algorithm. 

34. (New) A computer program product embodied in a 
tangible form having instructions executable by said PSD to at 
least implement the method of claim 26. 

35. (New) A computer program product embodied in a 
tangible form having instructions executable by said PSD to at 
least implement the method of claim 32. 

36. (New) A computer program product embodied in a 
tangible form having instructions executable by said data 
processing system to at least implement the method of claim 27. 

37. (New) A computer program product embodied in a 
tangible form having instructions executable by said data 
processing system to at least implement the method of claim 33.